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IN THE CLAIMS 

Please cancel claims 6, 14 and 23 without prejudice or disclaimer and amend the claims 
as follows: 

1 . (Currently Amended) A method comprising: 

receiving at least one protocol state machine definition for a network protocol, said 
protocol state machine definition including a plurality of protocol state rules expressed in a text 
format; 

parsing the at least one protocol state machine definition to form a set of parsed protocol 
state rules in a binary format, said parsed protocol state rules including at least one condition and 
at least one action associated with the condition; 

storing a set of filters in a filter database; 

receiving a network flow, said flow including a plurality of packets; and 
applying the parsed protocol state rules to the plurality of packets in the network flow; 
wherein the at least one action comprises the instantiation of a filter for the network flow 
from the set of filters and further wherein the at least one action comprises saving the result of 
the at least one action for use in a later executed rule in the set of parsed protocol state rules. . 

2. (Original) The method of claim 1, wherein the protocol state rules include rules for analyzing 
a context for the network flow. 

3. (Original) The method of claim 2, wherein the context for the network flow includes an 
application layer context. 

4. (Original) The method of claim 1 wherein the filter comprises a dynamic filter that is 
instantiated for the duration of the network flow. 

5. (Original) The method of claim 1, wherein the filter comprises a static filter that is applied 
during an initiation of the network flow. 
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6. (Canceled) 

7. (Previously Presented) The method of claim 6, further comprising maintaining an expected 
state for the network flow utilizing the saved result. 

8. (Original) The method of claim 1, wherein the at least one action comprises activating a rule 
in the set of parsed protocol state rules. 

9. (Currently Amended) A system comprising: 

a parser operable to parse at least one protocol state machine definition for a network 
protocol to a set of parsed protocol state rules in a binary format, said protocol state machine 
definition including a plurality of protocol state rules expressed in a text format, said parsed 
protocol state rules including at least one condition and at least one action associated with the 
condition; 

a filter database operable to store a set of filters in a filter database; and 

a protocol analysis engine operable to receive a network flow, said flow including a 

plurality of packets; and apply the parsed protocol state rules to the plurality of packets in the 

network flow; 

wherein the at least one action comprises the instantiation of a filter for the network flow 
from the set of filters and further wherein the at least one action saves the result of the at least 
one action for use in a later executed rule in the set of parsed protocol state rules . 

10. (Original) The system of claim 9, wherein the protocol state rules include rules to analyze a 
context for the network flow. 

1 1 . (Original) The system of claim 10, wherein the context for the network flow includes an 
application layer context. 
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12. (Original) The system of claim 9 wherein the filter comprises a dynamic filter that is 
instantiated for the duration of the network flow. 

13. (Original) The system of claim 9, wherein the filter comprises a static filter that is applied 
during an initiation of the network flow. 

14. (Canceled) 

15. (Previously Presented) The system of claim 9, wherein the at least one action deactivates a 
rule in the set of parsed protocol state rules. 

16. (Original) The system of claim 9, wherein the at least one action comprises activates a rule 
in the set of parsed protocol state rules. 

17. (Original) The system of claim 9, wherein the protocol analysis engine is further operable to 
maintain a state table for the network flow. 

1 8. (Currently Amended) A tangible machine readable medium storing machine executable 
instructions for performing a method comprising: 

receiving at least one protocol state machine definition for a network protocol, said 
protocol state machine definition including a plurality of protocol state rules expressed in a text 
format; 

parsing the at least one protocol state machine definition to form a set of parsed protocol 
state rules in a binary format, said parsed protocol state rules including at least one condition and 
at least one action associated with the condition; 

storing a set of filters in a filter database; 

receiving a network flow, said flow including a plurality of packets; and 

applying the parsed protocol state rules to the plurality of packets in the network flow; 
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wherein the at least one action comprises the instantiation of a filter for the network flow 
from the set of filters and further wherein the at least one action comprises saving the result of 
the at least one action for use in a later executed rule in the set of parsed protocol state rules . 

19. (Original) The machine readable medium of claim 18, wherein the protocol state rules 
include rules for analyzing a context for the network flow. 

20. (Original) The machine readable medium of claim 19, wherein the context for the network 
flow includes an application layer context. 

21. (Original) The machine readable medium of claim 18 wherein the filter comprises a 
dynamic filter that is instantiated for the duration of the network flow. 

22. (Original) The machine readable medium of claim 18, wherein the filter comprises a static 
filter that is applied during an initiation of the network flow. 

23. (Canceled) 

24. (Original) The machine readable medium of claim 18, wherein the at least one action 
comprises deactivating a rule in the set of parsed protocol state rules. 

25. (Original) The machine readable medium of claim 18, wherein the at least one action 
comprises activating a rule in the set of parsed protocol state rules. 



